From 5c2fc8b317e17d0b194f27937bd9d2af8961502f Mon Sep 17 00:00:00 2001
From: dongyukun <1208714201@qq.com>
Date: 星期五, 24 一月 2025 15:06:55 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master'
---
 iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/common/xss/SQLFilter.java | 36 +++++++++++++++++++++++++++++++-----
 1 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/common/xss/SQLFilter.java b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/common/xss/SQLFilter.java
index 57178fc..2dbbc18 100644
--- a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/common/xss/SQLFilter.java
+++ b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/common/xss/SQLFilter.java
@@ -12,10 +12,11 @@
 /**
 * SQL注入过滤
- * @param str 待验证的字符串
+ *
+ * @param str 待验证的字符串
 */
- public static String sqlInject(String str){
- if(StringUtils.isBlank(str)){
+ public static String sqlInject(String str) {
+ if (StringUtils.isBlank(str)) {
 return null;
 }
 //去掉'|"|;|\字符
@@ -31,8 +32,33 @@
 String[] keywords = {"master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop"};
 //判断是否包含非法字符
- for(String keyword : keywords){
- if(str.indexOf(keyword) != -1){
+ for (String keyword : keywords) {
+ if (str.indexOf(keyword) != -1) {
+ throw new RRException("包含非法字符");
+ }
+ }
+
+ return str;
+ }
+
+ /**
+ * SQL注入过滤
+ *
+ * @param orgStr 待验证的字符串
+ */
+ public static String sqlInject2(String orgStr) {
+ if (StringUtils.isBlank(orgStr)) {
+ return null;
+ }
+ //转换成小写
+ String str = new String(orgStr.toLowerCase());
+
+ //非法字符
+ String[] keywords = {";", "master", "truncate", "insert", "delete", "update", "declare", "alter", "drop"};
+
+ //判断是否包含非法字符
+ for (String keyword : keywords) {
+ if (str.indexOf(keyword) != -1) {
 throw new RRException("包含非法字符");
 }
 }
--
Gitblit v1.9.3
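Review bot: In `sqlInject2` the normalization `new String(orgStr.toLowerCase())` depends on the JVM's default locale, so under locale-specific casing rules (the Turkish dotted/dotless i) upper-case input is not reliably folded to the lower-case keywords in the list, and the `new String(...)` wrapper is a redundant copy; change it to `String str = orgStr.toLowerCase(Locale.ROOT);` (the `java.util.Locale` import lives outside this hunk). A substring blacklist is not a dependable SQL-injection control and also rejects legitimate values such as "updated" or "master data", so the Javadoc should state that this is only a defence-in-depth check and that callers must still bind values through parameterized queries (`PreparedStatement` or the ORM's bound parameters), and it should say why `select` is absent from this list when `sqlInject` still rejects it. `str.indexOf(keyword) != -1` reads better as `str.contains(keyword)`, and since the loop is a copy of the one in `sqlInject`, a private helper taking the keyword array would remove the duplication. The body of `sqlInject2` continues past the end of the hunk.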